Update fork #2

) closes #4092 When a Stack's region is a string literal, we can return a string literal from Stack.partition, resulting in easier to read generated templates. The feature flag to enable this behavior is `@aws-cdk/core:enablePartitionLiterals`. ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

… (under feature flag) (#21546) Currently when you create a RestApi cloudwatch logging is enabled by default. This will create an IAM role and a `AWS::ApiGateway::Account` resource, which is what is used to allow API Gateway to write API logs to CloudWatch logs. There can only be a single API Gateway account per AWS environment (account/region), but CloudFormation will not throw an error if you try to create additional accounts. Instead it will update the existing account with the new configuration. This can cause issues if customers create more than 1 RestApi. The following scenario is an example. 1. Create a single `RestApi` A new `AWS::ApiGateway::Account` and IAM role is created. 2. Create a second `RestApi` Another `AWS::ApiGateway::Account`/IAM role is created which _overwrites_ the first one. The first RestApi now uses the account/role created by this `RestApi`. 3. Delete the second `RestApi` The `AWS::ApiGateway::Account`/IAM role is deleted along with the second `RestApi`. The first `RestApi` no longer has access to write to CloudWatch logs. Because of this behavior, the correct thing to do is to disable CloudWatch logs by default so that the user has to create the global resource separately. This new behavior is behind a feature flag `@aws-cdk/aws-apigateway:disableCloudWatchLogs`. In addition, the default retention policy for both the API Gateway account and IAM role has been set to `RETAIN` so that existing implementations that do not use the feature flag can avoid the above scenario. The resources will be unmanaged, but existing RestApis will not break. I've updated all the existing integration tests to use the old behavior by explicitly setting `cloudWatchLogs: true`. I then added a new integration test for the new behavior. closes #10878 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

fixes: #21454 Version 14 of aurora cluster is now supported. In addition, versions of Aurora that seem to be omitted have been added. I found a lot of deprecated parameters, but I'm submitting them as a separate issue because it's a lot of work. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

The test was failing due to the IP Target not being behind a subnet. This corrects that. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…1584) fixes #21560 Duration wasn't getting compared correctly and prevented values above 400 from getting used for `ApplicationLoadBalancedService.idleTimeout` ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…k/lambda-layer-awscli (#21601) Bumps [awscli](https://github.com/aws/aws-cli) from 1.25.46 to 1.25.51. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aws/aws-cli/blob/develop/CHANGELOG.rst">awscli's changelog</a>.</em></p> <blockquote> <h1>1.25.51</h1> <ul> <li>api-change:<code>amp</code>: This release adds log APIs that allow customers to manage logging for their Amazon Managed Service for Prometheus workspaces.</li> <li>api-change:<code>chime-sdk-messaging</code>: The Amazon Chime SDK now supports channels with up to one million participants with elastic channels.</li> <li>api-change:<code>ivs</code>: Updates various list api MaxResults ranges</li> <li>api-change:<code>personalize-runtime</code>: This release provides support for promotions in AWS Personalize runtime.</li> <li>api-change:<code>rds</code>: Adds support for RDS Custom to DBInstanceClass in ModifyDBInstance</li> </ul> <h1>1.25.50</h1> <ul> <li>api-change:<code>backupstorage</code>: This is the first public release of AWS Backup Storage. We are exposing some previously-internal APIs for use by external services. These APIs are not meant to be used directly by customers.</li> <li>api-change:<code>glue</code>: Add support for Python 3.9 AWS Glue Python Shell jobs</li> <li>api-change:<code>privatenetworks</code>: This is the initial SDK release for AWS Private 5G. AWS Private 5G is a managed service that makes it easy to deploy, operate, and scale your own private mobile network at your on-premises location.</li> </ul> <h1>1.25.49</h1> <ul> <li>api-change:<code>dlm</code>: This release adds support for excluding specific data (non-boot) volumes from multi-volume snapshot sets created by snapshot lifecycle policies</li> <li>api-change:<code>ec2</code>: This release adds support for excluding specific data (non-root) volumes from multi-volume snapshot sets created from instances.</li> </ul> <h1>1.25.48</h1> <ul> <li>api-change:<code>cloudwatch</code>: Update cloudwatch command to latest version</li> <li>api-change:<code>location</code>: Amazon Location Service now allows circular geofences in BatchPutGeofence, PutGeofence, and GetGeofence APIs.</li> <li>api-change:<code>sagemaker-a2i-runtime</code>: Fix bug with parsing ISO-8601 CreationTime in Java SDK in DescribeHumanLoop</li> <li>api-change:<code>sagemaker</code>: Amazon SageMaker Automatic Model Tuning now supports specifying multiple alternate EC2 instance types to make tuning jobs more robust when the preferred instance type is not available due to insufficient capacity.</li> </ul> <h1>1.25.47</h1> <ul> <li>api-change:<code>glue</code>: Add an option to run non-urgent or non-time sensitive Glue Jobs on spare capacity</li> <li>api-change:<code>identitystore</code>: Documentation updates to reflect service rename - AWS IAM Identity Center (successor to AWS Single Sign-On)</li> <li>api-change:<code>iotwireless</code>: AWS IoT Wireless release support for sidewalk data reliability.</li> <li>api-change:<code>pinpoint</code>: Adds support for Advance Quiet Time in Journeys. Adds RefreshOnSegmentUpdate and WaitForQuietTime to JourneyResponse.</li> <li>api-change:<code>quicksight</code>: A series of documentation updates to the QuickSight API reference.</li> <li>api-change:<code>sso-admin</code>: Documentation updates to reflect service rename - AWS IAM Identity Center (successor to AWS Single Sign-On)</li> <li>api-change:<code>sso-oidc</code>: Documentation updates to reflect service rename - AWS IAM Identity Center (successor to AWS Single Sign-On)</li> <li>api-change:<code>sso</code>: Documentation updates to reflect service rename - AWS IAM Identity Center (successor to AWS Single Sign-On)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aws/aws-cli/commit/1a9d362b46b688e1c6fd4230534b428e250e878e"><code>1a9d362</code></a> Merge branch 'release-1.25.51'</li> <li><a href="https://github.com/aws/aws-cli/commit/f53e396dc20071a7e44e4b470a6a3b2be31f7686"><code>f53e396</code></a> Bumping version to 1.25.51</li> <li><a href="https://github.com/aws/aws-cli/commit/82371e0569b3ec8ba95707bbf26cb8b9744a597e"><code>82371e0</code></a> Update changelog based on model updates</li> <li><a href="https://github.com/aws/aws-cli/commit/2632a48eccb408d63c4b01217574afaa557ed7ad"><code>2632a48</code></a> Merge branch 'release-1.25.50'</li> <li><a href="https://github.com/aws/aws-cli/commit/ebd27323f34d0b193133211fdd10f12c301e6aec"><code>ebd2732</code></a> Merge branch 'release-1.25.50' into develop</li> <li><a href="https://github.com/aws/aws-cli/commit/b3f94abd9d4f29936babfe87d2c98f410c9c487b"><code>b3f94ab</code></a> Bumping version to 1.25.50</li> <li><a href="https://github.com/aws/aws-cli/commit/e9cb28c6f509f9a8e20ca0599df331ecc6a8e9cf"><code>e9cb28c</code></a> Update changelog based on model updates</li> <li><a href="https://github.com/aws/aws-cli/commit/497dcbed82a93773d45fd4982a9de9ead77de662"><code>497dcbe</code></a> Merge branch 'release-1.25.49'</li> <li><a href="https://github.com/aws/aws-cli/commit/f39908a51c2843e146c56b2c2625b63f15312ad0"><code>f39908a</code></a> Merge branch 'release-1.25.49' into develop</li> <li><a href="https://github.com/aws/aws-cli/commit/8178f0d01c50e10a54f656845f73e4d0a297cb7c"><code>8178f0d</code></a> Bumping version to 1.25.49</li> <li>Additional commits viewable in <a href="https://github.com/aws/aws-cli/compare/1.25.46...1.25.51">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=awscli&package-manager=pip&previous-version=1.25.46&new-version=1.25.51)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

…` is undefined (#21596) If TypeScript compiler option `strictPropertyInitialization` is set to `false`, it is possible to pass an undefined value to the `fromLookup` method in `HostedZone`. Currently the error message `Cannot read property 'endsWith' of undefined` will be displayed. This error message does not indicate the root cause, so it is difficult to fix the problem. This fix introduces an additional check that shows an appropriate error message. Fixes #10053. ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This change adds a new `isPipeline` method to `PipelineBase`. This method works the same way as `Stack.isStack` (checking if a specific `Symbol` property is defined on the provided object), and serves the same purpose: to check if a provided object extends `PipelineBase` (e.g., `CodePipeline` would return true, while `Stack` or `s3.Bucket` would return false). ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### ~Adding new Unconventional Dependencies:~ ~* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)~ ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Add support for P4DE instances. [Announcement](https://aws.amazon.com/about-aws/whats-new/2022/05/amazon-ec2-p4de-gpu-instances-ml-training-hpc/) Closes #20924. Note: This instance type is still in developer preview. As proposed in #20924 (comment), I described this restriction in the docstring. Please add tags `pr-linter/exempt-readme` and `pr-linter/exempt-integ-test`. ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR adds #20345's `--concurrency` to `cdk watch` mode. Given that `cdk watch` is a wrapper around `deploy`, this is a simple matter of passing the `concurrency` option along. Fixes #21597 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This adds support for CloudFront distributions that use HTTP/3. News post: https://aws.amazon.com/about-aws/whats-new/2022/08/amazon-cloudfront-supports-http-3-quic/ CloudFormation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-httpversion ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [X] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [X] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…S namespace (#21494) ---- Closes: #21490 DNS namespaces are currently setup in a way which only allow for discoverability via DNS or API, this means it is not currently possible to register non-ip instances within a DNS based namespace. After this change you can create a DNS based service with an optional ```discoveryType``` If this ```discoveryType``` is set to ```DiscoveryType.API``` then you can register non IP based instances to this service using the ```registerNonIpInstance``` function If no DiscoveryType is passed than the default from the namespace is used, so for an HTTP namespace this is ```API``` and for DNS derived namespaces this is ```DNS_AND_API``` This means DNS type namespaces can have services registered with a combination of discovery types. ---- ### All Submissions: * [&check;] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [&cross;] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [&check;] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [&check;] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This test needs a service linked role to build the VPC and related resources. This adds that. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This test requires a service linked role in order for it to build the VPC and related resources. This adds that. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

integ-runner was published on v1, but it must have been lost in the forward merge because it is still marked as private in v2. This PR will enable publishing integ-runner for CDK v2. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

The resources in these tests were colliding, causing failures. This change removes those collisions and updates the tests so they pass when run locally. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/2.38.0/CHANGELOG.md)

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.38.0/CHANGELOG.md)

Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.

… assets (#21638) The integ-runner has the ability to ignore changes to assets since asset changes can lead to a lot of snapshot failures and we don't always need to re-deploy the integ test when this occurs. The `canonicalizeTemplate` function only worked with the v1 (`@aws-cdk/core:newStyleStackSynthesis:false`) assets which were stored in CFN parameters. This PR updates the logic to also account for the new style assets. Because we now have a list of the actual assets in the asset manifest the logic simply reads the list of assets from the manifest and replaces substitutes those values. I also refactored some things: - The `canonicalizeTemplate` function was moved into a private method of `IntegSnapshotRunner` since that is the only place it is used. - The CloudAssemblyManifest asset methods were refactored so that we could either return the asset location or the asset id ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Updating these tests to use the new integ runner and updating the readme to not have someone's commentary about the test/readme not being complete. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Fixes #21578 Please add `pr-linter/exempt-readme` label since this property needs no entry in the README imho. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Fixed selector pattern for the empty stack which must be deleted during the deployment. I set stack selector pattern as `stack.hierarchicalId` because hierarchicalId is used in `selectMatchingStacks` method which is called when destroy logic is looking for the stack to be deleted. https://github.com/aws/aws-cdk/blob/92d6d58029595735df6902db5f820b1182dfb27b/packages/aws-cdk/lib/api/cxapp/cloud-assembly.ts#L138 There is also existing integration test which covers destroy logic and it works now without additional modifications: https://github.com/aws/aws-cdk/blob/92d6d58029595735df6902db5f820b1182dfb27b/packages/aws-cdk/test/integ/cli/cli.integtest.ts#L685 **How I tested it locally?** - Prepared a package with fix with `yarn package` and installed with `npm install -g dist/js/aws-cdk-0.0.0.tgz` - Reproduced steps from the bug #20822 - Ensured that the issue is fixed closes #20822 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

It is no longer valid in CDK v2 to specify stacks to deploy by the stack name. This PR updates the logic to use the stack id. I've also re-ran the integration tests that use assertions to verify that the assertion stacks are now deployed. fixes #21639 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…_COVERAGE (#21656) Fixes #21534 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Reverts #21598 See #21661

Reverts #20345 See #21661

Reverts #21598 See #21661

Reverts #20345 See #21661

See CHANGELOG

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.38.1/CHANGELOG.md)

…n ECR assets (#21582) ECR assets has properties `imageUri` and `assetHash`. `assetHash` is used to generate the image tag, and `imageUri` is the repository and tag concatenated. However, parsing the tag from the URI is not possible since `imageUri` is a token. Additionally, `assetHash` and the image tag are not always identical since adding a synthesizer to the stack with a `dockerTagPrefix` would concatenate the prefix to the hash to make the tag. It is now possible to get the tag by itself with `synthesizedTag`. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

We don't publish eks-legacy in v2. This deletes it from the library ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Changes the CDK CLI to build assets before deploying any stacks. This allows the CDK CLI to catch docker build errors, such as from rate limiting, before any stacks are deployed. Moving asset builds this early prevents these build failures from interrupting multi-stack deployments part way through. Fixes #21511 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

When using environment variable credentials (`AWS_ACCESS_KEY_ID` etc) that were expired, the CLI would proceed to retry calls involving those credentials because the `ExpiredToken` error is marked as `retryable: true`. Because we have extremely aggressive retries for most of our SDK calls (since the CloudFormation throttling limits are low and we generate a lot of contention on them), calls can take up to 10 minutes to run out of retries. Try and detect `ExpiredToken` situations sooner and error out harder without trying to recover from them. This PR only handles the situation where there is a Roles to assume -- this works because calls to STS have a much lower retry count, and so it only takes a couple of seconds to run out of retries and surface the `ExpiredToken` to the CLI, which we can then use to abort early. This is all to work around aws/aws-sdk-js#3581 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

docs(ec2): Added clarification on importing a InterfaceVpcEndpoint

…21495) Because private subnets rely on a NAT Gateway for internet connectivity, it is important that the NAT Gateway have the necessary dependencies for its own internet connectivity. Otherwise, `internetConnectivityEstablished` on a private subnet may not be true during stack creation and deletion. This is most notable for CloudFormaton Custom Resources; however, it can result in other dependency failures during stack deletion, especially if resources within a private subnet take a long time to delete. Ensuring that the NAT Gateway depends on its public subnet having internet connectivity completes the chain of dependencies and ensures that all resources will correctly have internet connectivity. Because of the layers of abstraction around subnets and NAT gateways, unit tests for this feature are challenging (because there isn't a clear means to get the CloudFormaton Logical ID of the AWS::EC2::Route that establishes the connectivity); however, NAT Gateways are included in several integration tests so this dependency can be tested there. Closes: #21348 ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…Widget (#21684) Adds configuration option for enabling sparkline in SingleValueWidget. Fixes #21683

…ibute groups (#20850) This PR adds sharing capability to the Application and Attribute Group constructs for Service Catalog AppRegistry. Users who have enabled AWS Organizations in their AWS account can now share their AppRegistry Application and Attribute Groups with accounts in their organization, organizational units (OUs), IAM roles, and IAM users. This provides CDK parity with the support of cross-account sharing of Applications and Attribute Groups which was [released as an AppRegistry feature](https://aws.amazon.com/about-aws/whats-new/2022/06/aws-service-catalogs-application-registry-cross-account-applications/). ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- Co-authored by: Aidan Crank

The CLI documentation seen when running `--help` is misleading about the `--app` option being required. This option can be (and most often is) set by `cdk.json`, making the CLI option itself not strictly required when an app is needed. Additionally, no app value needs to be passed if the invoked command doesn't run the app (notably on `bootstrap` and `context`, possibly others). This PR clarifies these conditions Fixes: #21564 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…21686) Certificates created with AWS Certificate Manager are recorded in a certificate transparency log. ACM however allows you to opt of out of transparency logging. This feature enables certificates created in ACM through CDK to opt out of transparency logging. ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

) I mistakenly assumed this prop would contain the list of DNS names and did not realize it is actually a list of the hosted zone ID and the DNS name separated by `:`. This change includes a part of the CloudFormation documentation to the attribute to help others avoid this mistake. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…21716) [This change in the aws cli](aws/aws-cli#7157) made the `help` command use the file `global_options.rst` in the `opt/awscli/awscli/examples` folder. We need to keep that file so that running `/opt/awscli/aws help` doesn't break. I moved this into a new PR from the dependabot one because I didn't want it to auto-approve my changes. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…o that they can be specified in Launch Template (#21579) HPC Batch applications frequently require Elastic Fabric Adapters for low-latency networking. Currently, the `ComputeEnvironment` construct always automatically defines a set of `SecurityGroupIds` in the CloudFormation it generates, and this prevents the stack deploying if the LaunchTemplate contains network interface definitions; Batch does not allow SecurityGroups at the `ComputeEnvironment` level if there are network interfaces defined in the `CfnLaunchTemplate`. Since we do not currently have support for network interfaces this PR adds a new boolean property in `launchTemplate` called `useNetworkInterfaceSecurityGroups`. When this is enabled we will assume that security groups are being provided by the launch template. A long term solution may be to: - Add support for network interfaces in the L2 ec2.LaunchTemplate construct. - Update the batch.ComputeEnvironment construct to take a ILaunchTemplate instead of the name/id. - Check the ILaunchTemplate for whether the ComputeEnvironment needs to create any security groups. closes #21577 ---- ### All Submissions: * [yes] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [no] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [yes] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [yes] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

These changes were brought up in a [review of the Go workshop](aws-samples/aws-cdk-intro-workshop#636) - update Go version - close jsii process - remove unneeded `assertions` alias ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.

Re-rolls #20345, after it had to be reverted in #21664. Includes the fix necessary to make sure that `--exclusively` works (#21663), and includes `cdk watch --concurrency` as well (#21598). Closes #21663.

closes #21692 Now we can specify keys that will not be transformed by `transformObjectKeys` function. ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…et to false when specifying launchTemplate (#21714) Setting `associatePublicIpAddress` prop when also setting `launchTemplate` prop on a new ASG is supposed to throw an error, but doesn't due to `associatePublicIpAddress` being a boolean, and the error message not triggering if a falsy value is used for the prop. This PR will ensure an error is thrown when `associatePublicIpAddress` is set, even when the value passed is falsy. It also updates the documentation on all props which conflict with `launchTemplate` or `mixedInstancesPolicy` fixes: #21576 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

`FeatureFlags.isEnabled()` returns `boolean | undefined`, but if the value of the feature flag is something other than a boolean, it will actually return that type instead. For example, ```ts node.setContext(someFeatureFlag, 'true'); const enabled = FeatureFlags.of(node).isEnabled(someFeatureFlag); if (enabled) { // will work } if (enabled === true) { // will not work because enabled === 'true' } ``` It looks like the only place this bug crops up is in the `FunctionVersionUpgrade` aspect. https://github.com/aws/aws-cdk/blob/8b0832334afee496355e7aeb684773d8f939f058/packages/@aws-cdk/aws-lambda/lib/function.ts#L1306 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/2.39.0/CHANGELOG.md)

#21763) I don't know why I was specifying `nargs: 1` for array arguments. This tells yargs to only accept a single argument. You can no provide multiple options, i.e. ``` yarn integ --regions us-east-1 us-east-2 ``` re #20384 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Adding the ability to specify `--progress` when using cdk `deploy`. I'm setting the default to `events` as opposed to the default of `bar` in the CLI. Since this library is currently only used in the integ-runner, and if published will most likely be used in automation I think it makes more sense to set progress to `events`. This is really useful when running multiple integration tests in parallel. If set to `bar` (CLI default) the logs will overlap/overwrite each other which makes it difficult to troubleshoot. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.39.0/CHANGELOG.md)

`token` is no longer a valid option in v2, so `secretToken` is required by virtue of needing to provide at least one of `token` or `secretToken` Removed test which checks for error because `secretToken` is now required so we cannot check for error, even with `testDeprecated` to my knowledge fixes #21744 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Updating these tests to use the new integ runner. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR remove all `pragma:ignore-assets` pragma. `pragma:ignore-assets` was obsoleted at #17592. fix: #18984 As said in this issue, this pragma has been displayed in the documentation as following: <img width="998" alt="image" src="https://user-images.githubusercontent.com/11013683/187058745-efffaf49-f51c-4a2d-988f-c9c798082aaa.png"> ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…k/lambda-layer-awscli (#21800) Bumps [awscli](https://github.com/aws/aws-cli) from 1.25.58 to 1.25.62. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aws/aws-cli/blob/develop/CHANGELOG.rst">awscli's changelog</a>.</em></p> <blockquote> <h1>1.25.62</h1> <ul> <li>enhancement:docs: Generate a usage note for Tagged Union structures.</li> <li>api-change:<code>mediapackage</code>: This release adds Ads AdTriggers and AdsOnDeliveryRestrictions to describe calls for CMAF endpoints on MediaPackage.</li> <li>api-change:<code>rds</code>: Removes support for RDS Custom from DBInstanceClass in ModifyDBInstance</li> </ul> <h1>1.25.61</h1> <ul> <li>api-change:<code>elbv2</code>: Update elbv2 command to latest version</li> <li>api-change:<code>gamelift</code>: This release adds support for eight EC2 local zones as fleet locations; Atlanta, Chicago, Dallas, Denver, Houston, Kansas City (us-east-1-mci-1a), Los Angeles, and Phoenix. It also adds support for C5d, C6a, C6i, and R5d EC2 instance families.</li> <li>api-change:<code>iotwireless</code>: This release includes a new feature for the customers to enable the LoRa gateways to send out beacons for Class B devices and an option to select one or more gateways for Class C devices when sending the LoRaWAN downlink messages.</li> <li>api-change:<code>ivschat</code>: Documentation change for IVS Chat API Reference. Doc-only update to add a paragraph on ARNs to the Welcome section.</li> <li>api-change:<code>panorama</code>: Support sorting and filtering in ListDevices API, and add more fields to device listings and single device detail</li> <li>api-change:<code>sso-oidc</code>: Updated required request parameters on IAM Identity Center's OIDC CreateToken action.</li> </ul> <h1>1.25.60</h1> <ul> <li>api-change:<code>cloudfront</code>: Adds support for CloudFront origin access control (OAC), making it possible to restrict public access to S3 bucket origins in all AWS Regions, those with SSE-KMS, and more.</li> <li>api-change:<code>config</code>: AWS Config now supports ConformancePackTemplate documents in SSM Docs for the deployment and update of conformance packs.</li> <li>api-change:<code>iam</code>: Documentation updates for AWS Identity and Access Management (IAM).</li> <li>api-change:<code>ivs</code>: Documentation Change for IVS API Reference - Doc-only update to type field description for CreateChannel and UpdateChannel actions and for Channel data type. Also added Amazon Resource Names (ARNs) paragraph to Welcome section.</li> <li>api-change:<code>quicksight</code>: Added a new optional property DashboardVisual under ExperienceConfiguration parameter of GenerateEmbedUrlForAnonymousUser and GenerateEmbedUrlForRegisteredUser API operations. This supports embedding of specific visuals in QuickSight dashboards.</li> <li>api-change:<code>transfer</code>: Documentation updates for AWS Transfer Family</li> </ul> <h1>1.25.59</h1> <ul> <li>api-change:<code>rds</code>: RDS for Oracle supports Oracle Data Guard switchover and read replica backups.</li> <li>api-change:<code>sso-admin</code>: Documentation updates to reflect service rename - AWS IAM Identity Center (successor to AWS Single Sign-On)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aws/aws-cli/commit/925e5a0becc334f910cdd06269d31519f4f6ebf5"><code>925e5a0</code></a> Merge branch 'release-1.25.62'</li> <li><a href="https://github.com/aws/aws-cli/commit/697959fefa76c334a2e559702055e38bd19361b8"><code>697959f</code></a> Bumping version to 1.25.62</li> <li><a href="https://github.com/aws/aws-cli/commit/b810b86c4613fe492bc4714d1bbaa4d599dd087c"><code>b810b86</code></a> Update changelog based on model updates</li> <li><a href="https://github.com/aws/aws-cli/commit/9677fd4945bf7e689e98a38c986b4f0fdf0a7e5e"><code>9677fd4</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/aws/aws-cli/issues/7205">#7205</a> from hssyoo/doc-tagged-unions</li> <li><a href="https://github.com/aws/aws-cli/commit/15472bf0bf09fe7e366eb1fa07151e191f44cf8f"><code>15472bf</code></a> Add note for Tagged Unions</li> <li><a href="https://github.com/aws/aws-cli/commit/d95a1a837fe7db04993201c5d87a248dde98f815"><code>d95a1a8</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/aws/aws-cli/issues/7221">#7221</a> from hssyoo/update-sidebar-logo</li> <li><a href="https://github.com/aws/aws-cli/commit/d2d7dffe2da05aa34dbd5b642c17779639498877"><code>d2d7dff</code></a> refactor config tests to be in CI and use <code>run_cmd</code> instead of <code>aws</code> (<a href="https://github-redirect.dependabot.com/aws/aws-cli/issues/7211">#7211</a>)</li> <li><a href="https://github.com/aws/aws-cli/commit/729f5d207aa396c150116f07cfb353f1f4c35c59"><code>729f5d2</code></a> Merge branch 'release-1.25.61'</li> <li><a href="https://github.com/aws/aws-cli/commit/ab1ca4578062135e24a77b21c2a82120b506179f"><code>ab1ca45</code></a> Merge branch 'release-1.25.61' into develop</li> <li><a href="https://github.com/aws/aws-cli/commit/8b8bd8052bf3f13cb91c12b5a995ef8df73de0a6"><code>8b8bd80</code></a> Bumping version to 1.25.61</li> <li>Additional commits viewable in <a href="https://github.com/aws/aws-cli/compare/1.25.58...1.25.62">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=awscli&package-manager=pip&previous-version=1.25.58&new-version=1.25.62)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

When accessing the bootstrap brokers of a cluster configured with property `clientAuthentication: msk.ClientAuthentication.sasl({ iam: true })` One can access the bootstrap brokers from the command line: `aws kafka get-bootstrap-brokers --cluster-arn <ClusterArn>` This will return an object: ``` { "BootstrapBrokerStringSaslIam": "..." } ``` This PR adds the ability to access the bootstrap brokers directly as a property of the Kafka cluster. This can now be done via the `cluster.bootstrapBrokersSaslIam` property. Fixes #18355 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…21770) Portfolio construct code uses the incorrect service name when generating the ARN for the portfolio. The ARN generated uses the service name "servicecatalog" instead of "catalog". CLI documentation confirms ARN should use catalog instead of servicecatalog: https://docs.aws.amazon.com/cli/latest/reference/servicecatalog/create-portfolio.html Added a single unit test to check arn formatting. fixes #20849 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

PR to fix #21568. Extended the PythonVersion enum to include 3.9, as it already seems to be supported everywhere (CloudFormation, SDK). #21568 (comment) ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date. This applies a fix for a [p0](#21790). Fix is applied from jsii-pacmak@1.65.1.

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/patch/v2.39.1/CHANGELOG.v2.md)

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.39.1/CHANGELOG.md)

https://github.com/aws-actions/stale-issue-cleanup `exempt-xxx-label` was changed to `exempt-xxx-labels` between versions, we bumped this action to v5 back in april but no errors were ever thrown for this ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…21717) ## Problem When queue construct is set, queue related props (maxReceiveCount, visibilityTimeout, retentionPeriod) have no effect to the queue of the `QueueProcessingService`. I think this is a reasonable behavior, but it is difficult to notice when wrongly configured. ## Fix This pull request adds a validation to prevent from setting both queue and queue related props at the same time, and notice users the configuration error. Also, updates the param docs for this behavior. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

In #21646 we updated the `assertionStack` value to be the `node.id` of the assertion stack since that is what the CDK CLI requires to deploy the stack. The change in #21646 fixed that bug, but it introduced a new one where the assertion results are no longer read and reported on by the integ-runner. The integ-runner reads the results of the assertions from the stack outputs which are written to a file (with `cdk deploy --output `assertion-results.json`). The outputs use the stack _name_ not the _node.id_. As a result, the integ-runner was looking for outputs for an invalid stack name. This PR fixes that by: - Adding `assertionStackName` property to the `integ.json` manifest - Updates the integ-runner to use the `assertionsStackName` to lookup the assertion results. - Add reporting on assertion results (previously only reported failures). - Updates all integ snapshots which currently use assertions. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

If `isOrganizationTrail` is set to `true`, but the current AWS account is _not_ the management account then CloudFormation will throw an error. `You cannot configure or manage trails for an organization because this action requires being signed in with the management account.` Also remove the integration test that was added for this feature since in order to test this you would need access to an AWS organization management account _and_ access to create/delete an organization trail. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…21749) Add support for `Fn::ToJsonString` and `Fn::Length`. The `AWS::LanguageExtensions` transform is automatically added. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ToJsonString.html See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-length.html See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-transform.html ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

## fix(AWS-CertificateManager) cap domain name to 64 characters *fix for*: #21777 *motivation*: if a domainName that is longer than 64 characters is provided, certification creation will fail - this implements a check for string length ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

The following corrections have been made - Added comment on deprecated version - Added version that was omitted - Comment that was incorrect ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.

@aws-cdk-containers is only published through this repo for v1. v2 is managed and published via https://github.com/cdklabs/cdk-ecs-service-extensions ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/2.40.0/CHANGELOG.md)

…ion (#21852) Fix for the issue #21456. Added support of `--json` option for `cdk bootstrap --show-template` command. `cdk bootstrap --show-template` - will print YAML template `cdk bootstrap --show-template --json` - will print JSON template **How I tested it locally?** - Prepared a package with fix with `yarn package` and installed with `npm install -g dist/js/aws-cdk-0.0.0.tgz` - Reproduced steps from the bug #21456 - Ensured that the issue is fixed ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR updates the `integ-runner` to _not_ set `@aws-cdk/core:newStyleStackSynthesis: false` by default. Previously this was done to cut down on the merge conflicts when the forward-merge was done between v1 and v2, but since we are now only committing to v2 it makes sense to test with `newStyleStackSynthesis` enabled. This change required re-running _all_ integration tests since using this flag changes the template. I've separated out some of the important changes into their own commits to make it easier to review. - `chore(integ-runner): use newStyleSynthesis by default` - this contains the actual change to the `integ-runner` - `integ test shapshot updates` - this contains the snapshot updates for most of the tests - The commits that mention a specific module contain fixes for broken integration tests ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.40.0/CHANGELOG.md)

Patches cfnspec to allow `CfnStateMachine.DefinitionSubstitutions` to synthesize again fixes: #21653 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…tiating them (#21826) ### Description Similar to `addEnvironment()`, an `addSecret()` method is useful to add secrets to ECS Containers after instantiating them via the constructor. ### Use Case The most important use-case is when writing Task Definition Extensions or Aspects to augment ECS services. For example, setting environment variables and secrets for a logging or monitoring solution. Right now, this can be done only using Escape Hatches and there is no higher level functionality to obtain this behaviour. ### Proposed Solution ```typescript const container = taskDefinition.addContainer('nginx', { image: ecs.ContainerImage.fromRegistry('nginx'), }); container.addSecret('SECRET_1', ecs.Secret.fromSecretsManager(secret)); container.addSecret('SECRET_2', ecs.Secret.fromSecretsManager(secretField, 'password')); ``` closes #18959 ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [X] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [X] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This is part of the Reduce Module Size [project](https://github.com/aws/aws-cdk/projects/15). Most of the heavy lifting is done in jsii, this PR simply turns on the feature. I have tested this in our test pipeline and can confirm that the build output from there can be successfully ingested by contruct hub with transliterated examples in every language. Afaik, the tablet file included in the `aws-cdk-lib` package is _only_ for construct hub, because reproducing the tablet file would take ~3 hours. Title is a `feat` so that it shows up in the changelog; there are no unit or integ tests that can be run to demonstrate it is working. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…esource properties (#21707) This PR adds the `Template.resourcePropertiesCountIs()` method for counting the number of resources of a specified type whose `Properties` section matches given properties. Implements: #21706 ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Closes: #21740 Add support for propagateTags to the CDK construct. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

---- Closes: #21697 and might close #21699 Not all private subnets need to have a NAT gateway for egress; an example would be when using Transit Gateway. I have incorporated the idea expressed in #21189 to add a more generic `PRIVATE_WITH_EGRESS` subnet type. This PR is largely a rename and a small logic change in `determineNatGatewayCount` ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…onnection (#21857) Fixes: #21855 While creating a Eventbridge connection to make api calls to an external api one sometimes have to add additional header parameters like `Content-Type = application/json` These additional headers can be either be a secret value or a plaintext value specified at deploy time. The connection class provides a HttpParameter class that alows you to set a static/unsecure/plaintext value for a header key ```javascript const connection = new Connection(this, "connection", { authorization: Authorization.apiKey( "authorization", secret.secretValue), headerParameters: { "Content-Type": HttpParameter.fromString("application/json"), }, }); ``` This should lead to api calls made with the connection have a Header present with key/value `"Content-Type": "application/json"`, The actual behavior was prior to this Fix that the header wasn't present in the api calls made with this connection. While debugging the issue I used the following aws cli commands to check what has been deployed by cdk/cloudformation `aws events describe-connection --name <name-of-the-connection> ` which result was similair to this ```JSON { "ConnectionArn": "arn:aws:events:eu-west-1:XXXXXXX:connection/SomeConnection/0848ec46-413a-4d40-8834-XXXXXX", "Name": "SomeConnection", "ConnectionState": "AUTHORIZED", "AuthorizationType": "API_KEY", "SecretArn": "arn:aws:secretsmanager:eu-west-1:XXXXXXX:secret:events!connection/SomeSecret/1e74cbb0-dfc6-4b77-a49f-b204e6b74a46-XXXXXX", "AuthParameters": { "ApiKeyAuthParameters": { "ApiKeyName": "authorization" }, "InvocationHttpParameters": { "HeaderParameters": [ { "Key": "Content-Type", "IsValueSecret": true } ] } }, "CreationTime": "2022-08-29T16:57:35+02:00", "LastModifiedTime": "2022-08-29T16:57:35+02:00", "LastAuthorizedTime": "2022-08-29T16:57:35+02:00" } ``` Which indicates that the header value is not set because it is treated as secret value and needs to be provided by the referenced secret. Then i checked the Cloudformation spec https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-connection-parameter.html There it is indicated that there is the property `isValueSecret` which indicates if the value is a secret or not. The next step was to check why cdk generates a template that doesn't work and thereby checked the HttpParameter class. This class is responsible for generating the `AWS::Events::Connection Parameter` properties. I noticed that only the `HttpParameter.fromSecret()` sets the `isValueSecret` flag. But it seems to be the case that for this property the default value is true by cloudformation, so omiting this attribute in the _render function results to `isValueSecret: true` at deploy time. After that i explicity set the value to false for the case the user specifies a plaintext value throught the `HttpParameter.fromString()` method. To make sure the correct values are deployed by cloudformation I added a integration test including an assertion that the deployed connection has the correct isValueSecret flag set and the value for the header is set. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

) Currently, it is not possible to set 0 retry attempts for any of the EventBridge targets that support a retry policy as 0 is falsy value and hence the following conditional doesn't evaluate to true - https://github.com/aws/aws-cdk/blob/c607ca51be1042f091b4e4419f20bec75863055c/packages/%40aws-cdk/aws-events-targets/lib/util.ts#L54-L59 Changed the conditional logic to allow 0 retry attempts for all supported targets along with unit tests. fixes [#21864 ](#21864) ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…21357) This will allow for users with a need for all Lambda functions to be placed in a VPC to more easily adopt the use of `AwsCustomResource`. This is implemented by accepting a `vpc` and `vpcSubnets` property and passing those up to the created `SingletonFunction`. Then tests are added to ensure that it builds correctly and that errors are thrown in the expected circumstances (in the same situations that `lambda.Function` does). This mimics the setup already used by `Provider` in the same package. ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [X] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR is to resolve #21190. I add an example of `Connection` with RDS secret to the documentation. This PR will help RDS customers understand how to create more secure `Connections`. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

I noticed that the links on https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_core.Duration.html and https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.Duration.html took me to the French-language version the ISO site, https://www.iso.org/fr/standard/70907.html, which surprised me. This changes that to remove `/fr` from the URL. (I haven't tested, but this might default to the right language for a user's browser, or always show English, but I think either of those are less surprising, given the rest of the CDK's docs are in English.) ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…rs (#18703) Add support to `MaxSwap ` and `Swappiness` attributes in the `LinuxParameters` construct. Closes #18460 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR adds SageMaker Studio as one of the enum-like members for [`InterfaceVpcEndpointAwsService`](https://github.com/aws/aws-cdk/blob/17c94eb62ade60c707895afbacea582d42c7e286/packages/%40aws-cdk/aws-ec2/lib/vpc-endpoint.ts#L260-L323). This is particularly useful for SageMaker Studio as its prefix is `aws.sagemaker`, which can be considered a corner case that wouldn't fit [`InterfaceVpcEndpointAwsService.getDefaultEndpointPrefix`](https://github.com/aws/aws-cdk/blob/17c94eb62ade60c707895afbacea582d42c7e286/packages/%40aws-cdk/aws-ec2/lib/vpc-endpoint.ts#L374-L395). See: `aws ec2 describe-vpc-endpoint-services --query 'ServiceDetails[].ServiceName'` ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR adds the capability to specify the consumerGroupId in the event-source-mapping when connection to Kafka. Adds the feature described in issue #21734 This features allows you to specify the consumerGroupId while connecting to a Kafka cluster. This feature was recently annouced https://aws.amazon.com/blogs/compute/using-custom-consumer-group-id-support-for-the-aws-lambda-event-sources-for-msk-and-self-managed-kafka/ and wasn't part of the cdk Kafka construct before. Things done: * Added missing attributes to class EventSourceMapping * amazonManagedKafkaEventSourceConfig * selfManagedKafkaEventSourceConfig * Added validation for the consumerGroupId value based in [CfnSpec](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-selfmanagedkafkaeventsourceconfig.html) * Added a common api `consumerGroupId` for adding the consumerGroupId independant if selfManaged or awsManaged * Updated existing integration test for SelfManagesKafkaConfig * The ManagedKafka Config is not integration tested because it requires a ManagedKafkaCluster which is not possible to deploy right now via cdk * Added Tests for consumerGroupId validation * Added Tests for template synth for SelfManagedKafka and AwsManagedKafka ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

In v1 we used to record construct stack traces; those have disappeared in v2 because the defaults in the underlying `constructs` library changed. Re-add them when `--debug` is passed. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Add ECR account of `ap-southeast-3` for AWS App Mesh. `ap-southeast-3` is an opt-in region, so we have to manually add the new ECR account. ---- ### All Submissions: * [Y] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [Y] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [N] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.

It looks like something was changed in the base image and there is no longer write access to the `/tmp` directory which causes bundling with poetry to fail (see linked issue). This PR updates the Dockerfile to create a new cache location for both `pip` and `poetry` and switches to using a virtualenv for python so that it is no longer using root. To test this I executed the `integ.function.poetry` integration test both before (to reproduce the error) and after the fix. I'm actually not sure why our integration tests didn't start failing in the pipeline. The only thing I can think of is that we are caching the docker images and it just hasn't pulled down a newer one that has this issue. fixes #21867 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

For some reason when using the `python3.7` docker image the `useradd` command fails `/bin/sh: /sbin/useradd: No such file or directory`. I'm not sure why it works on 3.8 & 3.9 and not 3.7, but since that is not necessary I'm just removing it. I've added python3.7 to the integration test to confirm that it works for 3.7, 3.8, & 3.9 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…21949) testLegacyBehavior only runs tests in v1 and skips them in v2, so none of these tests were running anyway. testFutureBehavior just runs the tests with the feature-flag as true, which is the default to these in v2 anyway. I'm removing these functions and their uses so that contributors aren't mislead to think they should use them. I also fixed some spacing issues in test packages. The diff on this is kind of hard to follow but the summary of the change is this: - all testLegacyBehavior tests have been deleted - all testFutureBehavior tests have been updated to be standard tests - describe blocks were removed where they wrapped around legacy or future sets of tests - spacing fixed ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/2.41.0/CHANGELOG.md)

Fixes #20496 This PR implements the proposed change in #20496 - When a region is set in the vpc it is used in the CloudFormation template. Otherwise the region from the respective stack is used. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.41.0/CHANGELOG.md)

) When you add an action to a listener the `bind` method is called, and one of the things that is typically done is to configure security group ingress. When you chain actions together, i.e. ```ts listener.addAction('first-action', { action: ListenerAction.authenticateOidc({ next: ListenerAction.forward([secondAction]), ..., }), }); ``` Bind is never called for the second action (i.e. `next`) which means the security group ingress rules are not created. This PR updates the `ListenerAction.bind` method to call `bind` for any `next` action that is configured. fixes #12994 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

- add engine version 1.2.0.0 - introduce a new enum for parameter group family - update parameter groups to support specifying parameter group family closes #21877 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…21967) When performing function bundling sometimes the bundling steps will write files. Currently all these commands are run from the `entry` which is the actually source code location. This leads to contaminating the source code with bundling artifacts. This PR re-orders the bundling steps to first move the `entry` to the `outputDir` and then perform the bundling steps there. I've also updated all of the integration tests to use the new integration test framework and assertions. fixes #19231 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Adds a construct for a SAML user pool identity provider. I based much of this off of #20241, as the OIDC and SAML identity pool providers share e.g. the length limitations on provider names. For the integration test, you have to specify a valid SAML metadata URL or XML document, or the stack won't be created. I used a sample URL from the [samling](https://fujifish.github.io/samling/samling.html) project, but this could be changed if anyone has a better suggestion. ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [X] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [X] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

… event sources (#21917) ## Description Adds the ability to create filters for SQS, DynamoDB and Kinesis, enabling filter criteria settings for event sources ## Use Cases With this PR will be possible, for example, to filter events from a DynamoDB Stream allowing only INSERT events to be transmitted as shown in the example below ```typescript const fn = new NodejsFunction(this, 'Fn'); const table = new dynamodb.Table(this, 'T', { partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING, }, stream: dynamodb.StreamViewType.NEW_IMAGE, }); fn.addEventSource(new sources.DynamoEventSource(table, { startingPosition: lambda.StartingPosition.LATEST, filters: [ lambda.FilterCriteria.filter({ eventName: FilterRule.isEqual('INSERT'), }), ], })); ``` Closes #17874 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

… indirectly through a cluster (#20944) Closes [#20656](#20656) This PR enables users to directly add parameters to a `ClusterParameterGroup` or indirectly through a `Cluster`. There are a few reasons why this would not succeed, such as the parameter already existing or trying to add parameters to an Imported Parameter Group and/or Cluster. With this in mind, the methods return a `AddParameterResultStatus` which let's developers handle failure cases more elegantly. Ex. On `SUCCESS` or `SAME_VALUE_FAILURE` do nothing, but on `CONFLICTING_VALUE_FAILURE` or `IMPORTED_RESOURCE_FAILURE` throw some sort of error indicating what you need the developer to do in their application to resolve the issue. This is very useful in the case of vending constructs that take in a Redshift Cluster as an input. See #20656 for more context. I don't think this is significant enough to be called out in the README with an example, but happy to add one if necessary. ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [X] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [X] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ins space (#21049) When running `cdk init --language=csharp` or `cdk init --language=fsharp` with one or more spaces in the path to the project, `init` will fail. This fix adds in handling for spaces and other special characters in the file path for both windows systems and posix systems. This PR moves the temporary hook directory to the same directory as the source directory so that it can use the local `os.ts` file and other dependencies. `ShellOptions` was also removed because it wasn't used. Tests have been added for posix and manual testing was performed on a windows machine. Closes issue #18803. ---- ### All Submissions: *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

… function (#21970) If an SQS event sources is added to an imported function it will throw an error if the function is not imported with an IAM role. This PR updates the logic to only attempt to add permissions to the principal if the role exists, otherwise it will add a warning indicating that permissions were not added. fixes #12607 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ngWindow (#21981) Fixes #21974 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

@TheRealAmazonKendra

…21926) - neptune engine version 1.2.0.0 introduced more granular access control https://docs.aws.amazon.com/neptune/latest/userguide/iam-dp-actions.html - introduce grant method to facilitate working with different actions #21877 ---- This PR is split from #21908 as per the discussion with @TheRealAmazonKendra ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…n fromApplicationListenerAttributes (#21934) ### Problem The static method `fromApplicationListenerAttributes` was describe with `securityGroup` property optional on documentation but this will throw an error because `securityGroup` is required ### Solution This PR makes the `securityGroup` property mandatory Fixes #21930 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Some of the listed events are no longer supported and don't do anything. Note this fact and refer readers to a page in the AWS Backup guide that lists the currently-supported events. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

#21994) The EKS and StepFunctions Tasks tests were failing as a result of this upgrade due to the change in the template url for awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B The object key for this asset was changed. Each of the failing tests have also been updated to use the new integ test construct. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

In the `aws-lambda-nodejs`, `aws-lambda-python`, and `aws-lambda-go` package `README`s, the code examples use `lambda` as the name to import the package. This makes the code examples confusing because `rosetta/default.ts-fixture` masks the `import` statement from readers and may confuse them as to why their `lambda` import doesn't work when they use `lambda.NodejsFunction` (or similar). The imports are changed to `nodejs`, `python`, and `go`. While the last (`go`) is in fact a keyword in its own language, so too is `lambda` in Python. This matches the pattern used by other packages' examples (`aws-route53-patterns` for example uses `patterns` as the name for its import in docs). This change should make the docs more clear to new users, who likely started using Lambda using `lambda.Function` and already have a `lambda` import that won't do what they want. Closes #22003 ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.

Closes: #21731 As mentioned in the referenced PR the `contextAccountId` doc string contained the wrong docstring as it in fact returns the callers account id. Implemented a the fix as per the ticket recommendation. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ified (#22039) I've found myself several times without thinking specifying `AWS_REGION` as an environment variable explicitly when writing a lambda function that needed to know the region, and only found it was problemattic and unnecessary at cloudformation deployment time. This change adds a simple error to enable faster failures during development when a developer specifies a reserved environment variable name - it's purely a convenience change to help avoiding wasting time waiting for a deployment and rollback in an edge case where the developer is making a clear error. This does not reference any existing issue. ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR fixes some issues with how SSM parameter types are implemented. Currently this module models a single type of parameter (`ParameterType` enum) and that type is used to represent _both_ [CloudFormation SSM Parameter types](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html#aws-ssm-parameter-types) For example, ```ts new cdk.CfnParameter(this, 'Param', { type: 'AWS::SSM::Parameter::Value<String>', // type }); ``` _and_ the [AWS::SSM::Parameter.type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-parameter.html#cfn-ssm-parameter-type) For example, ```ts new ssm.CfnParameter(this, 'Param', { type: 'String', }); ``` This overloading caused the issue in the referenced issue as well as making it more confusing for the user. For example, You can specify a type when creating a `StringParameter`, but you shouldn't need to since the only valid values are `String | StringList` and these are modeled as two separate classes `StringParameter & StringListParameter`. To address this, the PR introduces a new enum `ParameterValueType` to model the CloudFormation SSM Parameter Types. This enum is only used in the `valueForXXX` and `fromXXX` methods since those return a CFN parameter. - Deprecated `ssm.StringParameter.valueForTypedStringParameter` since it uses the old overloaded `ParameterType`. - Introduce a new `ssm.StringParameter.valueForTypedStringParameterV2` that uses the new `ParameterValueType` enum - Add `ssm.StringListParameter.valueForTypedListParameter` - Add `ssm.StringListParameter.fromListParameterAttributes` - Deprecated `StringParameterProps.type` since the value should only be `String`. fix #12477, #14364 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR adds a method (`saslTls `) to have both IAM And TLS for the ClientAuthentication given that this is already supported since October 2021 as feature in the Console as well as in the CloudFormation level. It addresses this issue: #16980 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…Certificate (#22040) This PR adds a method override for `applyRemovalPolicy` which allows the user to specify a removal policy for the `DnsValidatedCertificate` construct. Since this construct is backed by a custom resource, the lambda handler was updated to no longer delete the certificate if the `RemovalPolicy` is set to `retain`. This is also needed to allow for an easier migration from `DnsValidatedCertificate` -> `Certificate` fixes #20649 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/bump/2.42.0/CHANGELOG.md)

…alidatedCertificate (#22040)" (#22056) This reverts commit b3c9464. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.42.0/CHANGELOG.md)

…2075) We were not exposing the `enableLookups` property when creating an `IntegTest`. This also updates `integ-runner` to ensure that we are correctly utilizing `enableLooups`. There was an undiscovered (because you couldn't set `enableLookups=true` :) ) bug which set the dummy context on _every_ command (i.e. deploy, destroy) when it should have only been set when synthing the snapshot. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…22083) In creating a DeploymentGroup, auto rollback cannot be disabled because there is no way to set the enabled property of auto-rollback-configuration to false. Once automatically rollback is enabled, it cannot be disabled by deleting the `autoRollback` property or by setting both deploymentInAlarm and failedDeployment to false. The root cause of this bug is that if all autoRollback properties, `deploymentInAlarm`, `failedDeployment`, and `stoppedDeployment`, are false, `AutoRollbackConfig` is undefined and cannot be changed to disabled. To solve this bug, `autoRollback` is disabled (`{ enabled: false }`) if the properties of `autoRollback` are explicitly set to false. closes #21691 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See https://aws.amazon.com/de/blogs/developer/announcing-the-end-of-support-for-node-js-12-x-in-the-aws-sdk-for-javascript-v3/ ---- * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

closes #22088 We always need to use `evaluateCfnTemplate.evaluateCfnExpression` when a variable to be used in hotswap may contain tokens. ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Added ability to specify MaxAggregationInterval from ec2.Flowlogs. The default value of 600 seconds usually works, so there is no effect on existing. The original CFn property is here. https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-maxaggregationinterval ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ntains space (#22112) Reverts #21049 Resolves #22090

See CHANGELOG ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.42.1/CHANGELOG.md)

Adding the title check for all submitted PRs, not only the breaking change ones. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Historically, `cdk init` used to create a dedicated temporary directory for hook scripts and copy `*.hook.*` scripts into there. In #21049, the logic was changed to create that temporary directory inside the CLI source directory. If that CLI source directory is mounted in a read-only location (say, `/usr/lib/node_modules`) then that directory could not be created and `cdk init` would fail. Historically, hook scripts were arbitrary scripts outside the scope of the CLI, but the previous change tried to reuse code from the CLI. That does not work because the CLI is now being bundled (all code and dependencies in one giant `.js` file), so reusing from the outside using a different entry point cannot work. (It's not clear that this is happening because we leave the source files in the original location inside the NPM package, to try and halfway not break people using the CLI in ways that are unsupported but happen to work). Instead, bundle the hook logic into the CLI itself, so it all uses the same mechanism. Fixes #22090. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…than 60 characters (#22119) Limits the resource type name to 60 characters to account for CloudFormation limitations with Custom Resource Resource Types Closes #22055 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…rty (#22133) In this [PR](#14526) the disableExecuteApiEndpoint property was added to RestApiBaseProps, which is used by both RestApi and SpecRestApi. The property is propagated to the resulting CfnRestApi when specified for a RestApi, but is ignored when specified for a SpecRestApi. Closes #21295. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

The PR linter now provides the output of a failure in the comments. This also updates the node version in the action. A couple extra notes for reviewer ease: - Now that we are writing to the PR, we cannot test with an unauthenticated client so I deleted that section of the documentaion. - `github-api` did not have the apis needed for this change so I switched out its use for `@actions/github` - individual behavior tests no longer throw LinterError. Instead all the errors are collected and displayed to the contributor before the error is thrown. - in `parser` the check on line 14 `if (!parsed.scope)` would never have been reached because another test threw an error in every case before getting to this line so I've removed it here. It wasn't doing anything and that error case is already covered elsewhere. - The many many many changes requested comments in this PR were intentional tests. It's a lot of noise, but useful for showing behavior. - Initially I used the wrong token so `github-actions` was performing the reviews. It's now fixed to be `aws-cdk-automation` ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

temp fix until we can get the aws-cdk-automation working correctly on this. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- With the merge of [#20292](#20292) the accountID type was essentially required to be a string with the exception of an unencoded token. So, while the type of accountId cannot be set to string and must remain any to preserve compatibility, the hint for accountId should at least suggest that a string should be used rather than an int.

… a long string representation (#22163) We have a limitation on the length of `destinationKeyPrefix` to be no more than 104 characters. This is because it is used to tag the destination bucket, and tag keys cannot be longer than 128 characters (we prefix the prefix). However, this validation should not apply when `destinationKeyPrefix` is a token, because in that case it's simply validating the length of the string representation of a token, which doesn't make sense. ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

@scanlonp

See [merit badger readme](https://github.com/kaizencc/github-merit-badger#readme) for an overview of the github action that is introduced in this PR. The idea is that a "merit badge" will be applied to every incoming PR via label based on prior (successfully merged) contributions to the CDK. The badges are as follows: - `beginning-contributor`: contributed between 0-2 PRs to the CDK - `repeat-contributor`: contributed between 3-5 PRs to the CDK - `valued-contributor`: contributed between 6-12 PRs to the CDK - `admired-contributor`: contributed between 13-24 PRs to the CDK - `star-contributor`: contributed between 25-49 PRs to the CDK - `distinguished-contributor`: contributed 50+ PRs to the CDK We will **not** label PRs that come from the core team. Special thanks to @scanlonp and @Tianyi-W if/when this does get merged.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update fork #2

Update fork #2

Commits on Aug 12, 2022

Commits on Aug 14, 2022

Commits on Aug 15, 2022

Commits on Aug 16, 2022

Commits on Aug 17, 2022

Commits on Aug 18, 2022

Commits on Aug 19, 2022

Commits on Aug 20, 2022

Commits on Aug 22, 2022

Commits on Aug 23, 2022

Commits on Aug 24, 2022

Commits on Aug 25, 2022

Commits on Aug 26, 2022

Commits on Aug 29, 2022

Commits on Aug 30, 2022

Commits on Aug 31, 2022

Commits on Sep 1, 2022

Commits on Sep 2, 2022

Commits on Sep 3, 2022

Commits on Sep 5, 2022

Commits on Sep 6, 2022

Commits on Sep 7, 2022

Commits on Sep 8, 2022

Commits on Sep 9, 2022

Commits on Sep 11, 2022

Commits on Sep 12, 2022

Commits on Sep 13, 2022

Commits on Sep 14, 2022

Commits on Sep 15, 2022

Commits on Sep 16, 2022

Commits on Sep 17, 2022

Commits on Sep 19, 2022

Commits on Sep 20, 2022

Commits on Sep 21, 2022